Understanding Network Components and Their Interrelationships: A Foundation for Network Design
Network Architecture Appendix
Defense in Depth
Defense in depth is a multilayered cybersecurity strategy for defending a network or system (Rahman et al., 2020). It acknowledges that no single security solution is fully secure and therefore layers several controls against each threat. Backup measures stand behind every security control so that if one fails, another still covers the gap. The layers span physical, network, host, and application security. The defense-in-depth approach reduces both the number of cyber attacks that succeed against an organization and their impact when they occur.
Air Gap
A physical air gap between trusted and untrusted computers or networks blocks all data transfer between them. It is a strong form of protection used for sensitive systems and data, especially in government and critical infrastructure settings. A physical air gap isolates a system or network from every external network so that information cannot be transmitted across the boundary. A logical air gap achieves the same separation with software or configuration controls rather than physical disconnection, blocking communication between a trusted network or computer and one classified as untrusted.
Demilitarized Zones
Demilitarized zones (DMZs) keep trusted internal networks separate from networks considered unsafe, such as the Internet. A DMZ improves security by isolating services that need only limited access to the internal network. Web servers, email servers, and DNS servers that must be reachable from outside are typically placed in the DMZ. Firewalls and IDS/IPS systems at the DMZ boundary filter and monitor the incoming traffic. This arrangement removes direct outside access to important internal resources, shrinking the attack surface and making the network more secure.
Proxy Servers
Proxy servers relay data between users and the Internet while hiding the user's own address from the destination. The proxy may be a router or a computer. It connects to the Internet on behalf of the user instead of the user's browser connecting directly (Ambhore et al., 2018). Internet traffic passes through the proxy server before reaching the destination computer. Because all communication goes through the proxy, it provides a degree of protection and anonymity. Many IT businesses use proxy servers to filter out hazardous Internet traffic.
Composition and Security
A network's composition is the arrangement and integration of its hardware devices, software applications, and configurations. Knowing this composition is essential to securing the network, because security can only succeed once every element in the network has been identified and evaluated. Hardware components such as routers, switches, and firewalls are assessed for security vulnerabilities, and the security settings of software applications and network servers are examined as well.
Cascading/Segmentation
Network segmentation divides a network into several subnets or segments, each acting as a distinct small-scale network (Toivakka, 2018). This gives administrators policy-based control over traffic moving between subnets. Businesses use segmentation to enhance security, improve performance, strengthen monitoring, and identify technical issues.
Emergent Properties
Emergent properties are unexpected behaviors that arise from application components interacting with their surroundings (Johnson, 2016). In some situations emergent features are beneficial, letting people use a system for activities its designers never envisioned. They can be detrimental when they undermine safety standards. There is considerable disagreement about the definition of "emergent properties." Some use the term for any surprising feature of a complex system; others reserve it for behaviors that cannot be identified by functionally decomposing the application. In other words, the system is greater than the sum of its parts.
Dependencies
A dependency exists in a network design when one component requires another in order to function properly. The more interdependent networks become, the more the reliability of the networking infrastructure matters. Typical dependencies include a web server that relies on a database server to store its data, and switches that, like any other electronic equipment, depend on their power supplies. When one component fails or malfunctions, the effect may reach everything else or only particular services.
Trusted Computing Base Subsets
A trusted computing base (TCB) is everything in a computer system on which the enforcement of its security depends. It includes hardware, firmware, software, operating systems, physical locations, built-in security measures, and safety protocols. TCB components are the only parts of the computing system that are granted high trust. However, "trusted" does not mean "secure"; it means that the component is essential to system security. The TCB enforces the system-wide information security policy and is responsible for data confidentiality and integrity. If the TCB is defective or insecure, the system's security and policies may be compromised.
Transport Layer Security (TLS)
TLS is a cryptographic protocol that secures network communications. It protects data in transit against eavesdropping and tampering by combining encryption with authentication. TLS is used for online transactions where data privacy and integrity matter, such as secure email or web browsing (HTTPS). When a web browser connects to a website, the two sides negotiate the encryption to be used and exchange digital certificates for authentication, after which data transfer proceeds over the protected channel.
Border Gateway Protocol (BGP)
Border Gateway Protocol is one of the most critical routing protocols of the Internet. BGP exchanges routing and reachability information between Autonomous Systems, and the Internet depends on it for stability and security. It determines the paths packets take from source to destination across the Internet's structure. BGP routers share routing information so that global Internet traffic can flow freely. BGP's weaknesses include route hijacking and route leaks, which intercept or divert traffic from its intended path. Because Internet Exchange Providers connect multiple networks, they must apply route filtering and monitor BGP to maintain routing integrity.
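The route filtering described above, as an added example that is not part of the original appendix: each received announcement's origin AS and prefix length are checked against a table of authorizations in the style of RPKI ROAs, and a hijacked or over-specific prefix is rejected. The authorization entries, AS numbers and prefixes are constructed sample values.

```python
import ipaddress

# Constructed authorizations (ROA-style; assumed sample values, not from the appendix):
# (prefix, maximum prefix length, authorized origin AS)
AUTHORIZED = [
    (ipaddress.ip_network("203.0.113.0/24"), 24, 64500),
    (ipaddress.ip_network("198.51.100.0/22"), 24, 64501),
]


def validate_origin(prefix, origin_as):
    """Classify one announcement as 'valid', 'invalid', or 'not-found'.

    'invalid' covers both a wrong origin AS (hijack) and a more-specific
    prefix than the authorization permits (a common hijack technique).
    """
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_net, maxlen, asn in AUTHORIZED:
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True
            if asn == origin_as and net.prefixlen <= maxlen:
                return "valid"
    return "invalid" if covered else "not-found"


def filter_updates(updates):
    """updates: list of (prefix, as_path). Returns (accepted, rejected) lists.

    Only 'invalid' announcements are dropped; 'not-found' prefixes have no
    authorization to check against and are accepted as usual.
    """
    accepted, rejected = [], []
    for prefix, as_path in updates:
        status = validate_origin(prefix, as_path[-1])  # origin AS is last in the path
        (rejected if status == "invalid" else accepted).append((prefix, as_path, status))
    return accepted, rejected
```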
Open Shortest Path First (OSPF)
OSPF is an interior gateway routing protocol used within an autonomous system. It computes the shortest path for network data packets, giving secure and efficient routing. The routers that make up the internetwork compute the shortest route to each destination using OSPF's link-state logic, so every router discovers the fastest path from itself to every other node. OSPF networks scale well enough for large WANs and complex networks.
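The link-state computation described above, as an added example that is not part of the original appendix: every router runs the same shortest-path-first (Dijkstra) algorithm over a shared link-state database and derives its routing table from the result. The topology and link costs are a constructed sample.

```python
import heapq

# Constructed link-state database (assumed sample topology, not from the appendix):
# each router lists its links as (neighbor, OSPF link cost)
LSDB = {
    "R1": [("R2", 10), ("R3", 1)],
    "R2": [("R1", 10), ("R4", 1)],
    "R3": [("R1", 1), ("R4", 1), ("R5", 10)],
    "R4": [("R2", 1), ("R3", 1), ("R5", 1)],
    "R5": [("R3", 10), ("R4", 1)],
}


def shortest_paths(lsdb, root):
    """Shortest-path-first run from `root`, as each OSPF router does for itself.

    Returns {router: (total_cost, path_from_root)} for every reachable router.
    """
    dist = {root: (0, [root])}
    heap = [(0, root, [root])]
    visited = set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node in visited:
            continue                      # a cheaper path was already settled
        visited.add(node)
        for nbr, link_cost in lsdb.get(node, []):
            new_cost = cost + link_cost
            if nbr not in dist or new_cost < dist[nbr][0]:
                dist[nbr] = (new_cost, path + [nbr])
                heapq.heappush(heap, (new_cost, nbr, path + [nbr]))
    return dist


def next_hop(lsdb, root, dest):
    """Routing-table entry at `root`: first hop on the SPF tree toward `dest`."""
    entry = shortest_paths(lsdb, root).get(dest)
    return entry[1][1] if entry and len(entry[1]) > 1 else None
```

Note that R1 reaches R2 through R3 and R4 at cost 3 rather than over the direct cost-10 link, which is exactly the kind of decision the link costs are meant to drive.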
Multiprotocol Label Switching (MPLS)
MPLS is a protocol that improves the forwarding and routing of network packets. Instead of examining IP headers, MPLS routers forward on the basis of labels: each packet entering an MPLS network is tagged with a label that determines how it is forwarded. Because a label lookup is cheaper than an IP routing lookup, MPLS routers make forwarding decisions rapidly and with less processing overhead than conventional IP routing. MPLS improves the performance, security, and scalability of a network. Traffic labeling enables QoS functions, and MPLS also supports VPNs by keeping each customer's traffic separate from the others.
Configuration Management
Configuration management is the discipline of managing a network and controlling changes to its configuration. It enforces uniformity by disallowing unauthorized changes, which increases security and reduces the mistakes introduced when devices are updated. In a working configuration management system the baseline configuration reflects the intended state of the network, and every change to network hardware, software, and configuration is documented.
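The baseline comparison described above, as an added example that is not part of the original appendix: the running configuration of a device is diffed against its documented baseline, and any drift not covered by an approved change record is flagged as unauthorized. The device configurations and the approved-change list are constructed sample data.

```python
import difflib

# Constructed baseline and running configurations of one switch
# (assumed sample data, not from the appendix).
BASELINE = """\
hostname core-sw1
service password-encryption
ip ssh version 2
line vty 0 4
 transport input ssh
 access-class 10 in
"""

RUNNING = """\
hostname core-sw1
service password-encryption
ip ssh version 2
line vty 0 4
 transport input ssh telnet
"""


def config_drift(baseline, running):
    """Return every line that differs from the baseline as ('+' | '-', line)."""
    diff = difflib.unified_diff(baseline.splitlines(), running.splitlines(),
                                "baseline", "running", lineterm="", n=0)
    return [(line[0], line[1:].strip()) for line in diff
            if line[:1] in ("+", "-") and not line.startswith(("+++", "---"))]


def unauthorized_changes(baseline, running, approved):
    """Drift with no matching approved change request: candidates for rollback."""
    return [change for change in config_drift(baseline, running)
            if change not in approved]
```

In the sample the vty line now accepts telnet and the access-class restriction has disappeared; only the latter appears on the approved list, so the telnet change is what the report surfaces.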
Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol is a network protocol that automates the assignment of IP addresses and other network settings to devices. DHCP allocates IP address resources efficiently while helping to protect the network. DHCP servers hand out dynamic IP addresses to connected devices, which simplifies administration by removing manual IP assignment. It also avoids assigning the same IP address to two hosts, a conflict that would leave both unable to communicate, so devices can reach the Internet without address conflicts.
Virtual Private Networks (VPNs)
VPNs provide secure, encrypted access to a private network over a public one. They protect data in transit between remote users and the private network. To prevent unauthorized entry into the private network, all data sent through a VPN is encrypted inside a secure tunnel between the user's device and the private network. VPNs are therefore critical to privacy: they let remote users reach private networks through encrypted connections carried over public networks.
Virtual LAN (VLAN)
A VLAN is a network architecture concept that divides a physical network into logical parts. Each VLAN behaves like a separate network, with its own traffic separation and its own network and communication control settings. VLANs bring both efficiency and security advantages to a computer network. They reduce congestion because broadcasts stay within the individual subnet, which cuts unnecessary traffic and improves overall operation. Because administrators define which devices can communicate with each other, access to resources is more tightly controlled, which improves security.
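The traffic control that the DMZ, segmentation, and VLAN sections above describe, as one added example that is not part of the original appendix: segments are defined as address ranges, an allow-list states which segment-to-segment flows are permitted, and each flow is classified by the segments its endpoints fall in. The segment names, address ranges and policy entries are constructed sample values.

```python
import ipaddress

# Constructed segments (assumed sample addressing, not from the appendix).
# The default route stands in for "everything outside", i.e. the Internet.
SEGMENTS = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "dmz":      ipaddress.ip_network("203.0.113.0/24"),
    "users":    ipaddress.ip_network("10.10.0.0/16"),
    "servers":  ipaddress.ip_network("10.20.0.0/16"),
}

# Allow-list at the segment boundary: (source segment, destination segment, dst port).
# Nothing lets the Internet reach the servers segment directly; it must go via the DMZ.
POLICY = {
    ("internet", "dmz", 443),
    ("dmz", "servers", 5432),
    ("users", "dmz", 443),
    ("users", "servers", 445),
}


def segment_of(ip):
    """Name of the most specific segment containing `ip` (None if no segment matches)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for name, net in SEGMENTS.items():
        if addr in net and (best is None or net.prefixlen > SEGMENTS[best].prefixlen):
            best = name
    return best


def is_allowed(src_ip, dst_ip, dst_port):
    """Boundary decision: traffic inside one segment is not filtered here,
    traffic crossing segments must match an allow-list entry."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False
    if src == dst:
        return True
    return (src, dst, dst_port) in POLICY


def audit(flows):
    """Classify constructed flow records (src, dst, port) as 'allow' or 'deny'."""
    return [(flow, "allow" if is_allowed(*flow) else "deny") for flow in flows]
```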
Security Information and Event Management (SIEM)
A SIEM is a comprehensive solution that collects and normalizes security data from many sources across the network. SIEMs are essential because they let analysts monitor threats across the enterprise environment quickly. A SIEM gathers data from network monitoring tools, security devices, host-based logs, and application logs, then analyzes it for trends or anomalies that indicate a potential breach. Correlation rules and machine learning models help the SIEM identify threats.
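A correlation rule of the kind described above, run over sample log lines, as an added example that is not part of the original appendix: events from two sources (SSH and VPN logins) are normalized, and a burst of failed logins from one address followed by a success from the same address raises a single alert. The log format, hostnames and addresses are constructed sample data.

```python
import re
from datetime import datetime, timedelta

# Constructed, already-normalized events from two log sources
# (assumed sample format and values, not from the appendix).
RAW_EVENTS = [
    "2024-05-01T10:00:01 sshd  FAIL    user=admin src=198.51.100.23",
    "2024-05-01T10:00:04 sshd  FAIL    user=admin src=198.51.100.23",
    "2024-05-01T10:00:09 vpn   FAIL    user=admin src=198.51.100.23",
    "2024-05-01T10:00:15 sshd  SUCCESS user=admin src=198.51.100.23",
    "2024-05-01T10:05:00 sshd  FAIL    user=bob   src=10.10.4.2",
    "2024-05-01T10:30:00 sshd  SUCCESS user=bob   src=10.10.4.2",
]
LINE = re.compile(r"(\S+)\s+(\w+)\s+(FAIL|SUCCESS)\s+user=(\S+)\s+src=(\S+)")


def parse(line):
    """Turn one normalized log line into an event dict."""
    ts, source, outcome, user, src = LINE.match(line).groups()
    return {"ts": datetime.fromisoformat(ts), "source": source,
            "outcome": outcome, "user": user, "src": src}


def correlate(lines, threshold=3, window=timedelta(seconds=120)):
    """Rule: at least `threshold` failures from one source IP (across all log
    sources) inside `window`, followed by a success from that IP, is one alert."""
    alerts = []
    failures = {}                                   # src ip -> recent failure times
    for ev in sorted(map(parse, lines), key=lambda e: e["ts"]):
        recent = [t for t in failures.get(ev["src"], []) if ev["ts"] - t <= window]
        if ev["outcome"] == "FAIL":
            failures[ev["src"]] = recent + [ev["ts"]]
        elif len(recent) >= threshold:
            alerts.append({"src": ev["src"], "user": ev["user"],
                           "failures": len(recent), "at": ev["ts"].isoformat()})
            failures[ev["src"]] = []                # one burst yields one alert
    return alerts
```

Bob's single failure half an hour before his success stays below the threshold and outside the window, so only the admin login from 198.51.100.23 is reported.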
References
Ambhore, P. B., & Wankhade, K. A. (2018). Proxy server for intranet security. IOSR Journal of Computer Engineering, 20(2), 1–14.
Johnson, C. W. (2016). What are emergent properties, and how do they affect the engineering of complex systems? Reliability Engineering & System Safety, 91(12), 1475–1481.
Rahman, M. T., Rahman, M. S., Wang, H., Tajik, S., Khalil, W., Farahmandi, F., & Tehranipoor, M. (2020). Defense-in-depth: A recipe for logic locking to prevail. Integration, 72, 39–57.
Toivakka, J. (2018). Network segmentation. Theseus. https://urn.fi/URN:NBN:fi:amk-2018121922468
Question
Network Architecture Appendix
Before designing a network, it is necessary to understand the components of the network and how they relate to each other.
Create an appendix providing a minimum 60-word summary for each of the following topics.
- Defense in depth
- Air gap
- DMZs
- Proxy servers
- Composition and security
- Cascading/Segmentation
- Emergent properties
- Dependencies
- TCB subsets
- Transport layer security
- BGP
- OSPF
- MPLS
- Configuration management
- DHCP
- VPN
- VLAN
- SIEM
Use a minimum of three additional resources besides your textbook.
Prepare this assignment according to the guidelines found in the APA Style Guide.